tcpdump: disable Capsicum if -E option is provided.

The -E is used to provide a secret for decrypting IPsec. The secret may be provided through command line or as the file. The problem is that tcpdump doesn't support yet opening files in capability mode and the file may contain a list of the files to open. As a workaround, for now, let's just disable capsicum if the -E the option is provided. PR: 236819 MFC after: 2 weeks
svn path=/head/; revision=346263
2019-04-16 04:12:41 +00:00 · 2019-04-16 04:12:41 +00:00 · 42668853c0 · 2020-12-20 02:59:44 +00:00
commit 42668853c0
parent f39ec261ad
1 changed files with 2 additions and 1 deletions
--- a/contrib/tcpdump/tcpdump.c
+++ b/contrib/tcpdump/tcpdump.c
@ -2063,7 +2063,8 @@ main(int argc, char **argv)
 	}

 #ifdef HAVE_CAPSICUM
-	cansandbox = (VFileName == NULL && zflag == NULL);
+	cansandbox = (VFileName == NULL && zflag == NULL &&
+	    ndo->ndo_espsecret == NULL);
 #ifdef HAVE_CASPER
 	cansandbox = (cansandbox && (ndo->ndo_nflag || capdns != NULL));
 #else